CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
20.2%
e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser.
This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access an unexpected website (CWE-939).
A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
Update the Product
Update the product to the latest version according to the information provided by the developer.
The developer released the following versions to fix the issue.